Application security makes for a complex discussion. Experts seldom agree on the best strategy for dealing with the myriad threats that individuals and organizations face. That said, one truth is held unanimously: there is no “silver bullet.” In other words, no security solution can compensate for the inherent security vulnerabilities that exist in each and every layer of the application stack, from the human factor, through the software stack, and all the way down to the hardware on which the application runs. At the end of the day, it’s up to the system designers, developers, and architects to bring order to this chaos.

It’s important to understand the difference between how a defender and an attacker look at the same system. This difference goes beyond the fundamental asymmetry that we know exists between an attacker and a defender (e.g., resources at their disposal, skill level, tolerance for failure). Instead, the core difference is embedded in their distinct perspectives.
